<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
    "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<meta name="generator" content="AsciiDoc 8.6.8" />
<link rel="Shortcut Icon" href="/images/favicon.ico" type="image/x-icon" />
<title></title>
<link rel="stylesheet" href="asciidoc-5.css" tppabs="http://old.peachfuzzer.com/v3/TutorialDumbFuzzing/asciidoc.css" type="text/css" />
<link rel="stylesheet" href="website-5.css" tppabs="http://old.peachfuzzer.com/v3/TutorialDumbFuzzing/website.css" type="text/css" />
</head>

<body>

<div id="layout-content-box">
<div id="layout-content">
<div id="content">
<div class="sect1">
<h2 id="_agent_and_monitor">Agent and Monitor</h2>
<div class="sectionbody">
<div class="paragraph"><p>Now we are ready to configure our agent and monitors.
Agents are special Peach processes that can run locally, in process, or remotely over a network connection.
These agents host one or more monitors that can perform such actions as attaching debuggers,
watching memory consumption, etc.
For this tutorial we are going to configure Peach to use monitors specific to each target platform.
Windows will be configured to use Microsoft WinDbg to monitor <code>mspaint.exe</code> for exceptions and other common issues.
Additionally, on Windows we will enable heap debugging (the PageHeap monitor) for the target process.
Linux will be configured to monitor for the presence of core files.
OSX will be configured to use CrashWrangler to monitor <code>Safari</code> for exceptions and other common issues.</p></div>
</div>
</div>
<div class="sect1">
<h2 id="_configure_the_agent_and_monitor">Configure the Agent and Monitor</h2>
<div class="sectionbody">
<div class="paragraph"><p>First, let's locate the commented-out <code>Agent</code> element in the template file; it will look something like this:</p></div>
<div class="listingblock">
<div class="content"><!-- Generator: GNU source-highlight 3.1.7
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><span style="font-style: italic"><span style="color: #9A1900">&lt;!-- TODO: Configure agent --&gt;</span></span>
<span style="font-weight: bold"><span style="color: #0000FF">&lt;Agent</span></span> <span style="color: #009900">name</span><span style="color: #990000">=</span><span style="color: #FF0000">"TheAgent"</span> <span style="color: #009900">location</span><span style="color: #990000">=</span><span style="color: #FF0000">"http://127.0.0.1:9000"</span><span style="font-weight: bold"><span style="color: #0000FF">/&gt;</span></span></tt></pre></div></div>
<div class="paragraph"><p>We are going to uncomment this section and remove the "location" attribute.
When no "location" attribute is present, Peach will automatically start a local Peach Agent.
An agent launches and debugs processes on the machine it runs on, so if you later point "location" at a remote agent, make sure that agent is reachable only from the machine running Peach.
We will configure three agents, one for Windows, one for Linux and one for OSX.
The Windows agent will be comprised of two monitors: WindowsDebugger and PageHeap.
The Linux agent will be comprised of one monitor: LinuxDebugger.
The OSX agent will likewise be comprised of a single monitor: CrashWrangler.</p></div>
<div class="listingblock">
<div class="content"><!-- Generator: GNU source-highlight 3.1.7
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><span style="font-weight: bold"><span style="color: #0000FF">&lt;Agent</span></span> <span style="color: #009900">name</span><span style="color: #990000">=</span><span style="color: #FF0000">"WinAgent"</span><span style="font-weight: bold"><span style="color: #0000FF">&gt;</span></span>
   <span style="font-weight: bold"><span style="color: #0000FF">&lt;Monitor</span></span> <span style="color: #009900">class</span><span style="color: #990000">=</span><span style="color: #FF0000">"WindowsDebugger"</span><span style="font-weight: bold"><span style="color: #0000FF">&gt;</span></span>

        <span style="font-style: italic"><span style="color: #9A1900">&lt;!-- The command line to run.  Notice the filename provided matched up</span></span>
<span style="font-style: italic"><span style="color: #9A1900">             to what is provided below in the Publisher configuration --&gt;</span></span>
        <span style="font-weight: bold"><span style="color: #0000FF">&lt;Param</span></span> <span style="color: #009900">name</span><span style="color: #990000">=</span><span style="color: #FF0000">"CommandLine"</span> <span style="color: #009900">value</span><span style="color: #990000">=</span><span style="color: #FF0000">"mspaint.exe fuzzed.png"</span> <span style="font-weight: bold"><span style="color: #0000FF">/&gt;</span></span>

        <span style="font-style: italic"><span style="color: #9A1900">&lt;!-- This parameter will cause the debugger to wait for an action-call in</span></span>
<span style="font-style: italic"><span style="color: #9A1900">             the state model with a method="LaunchViewer" before running</span></span>
<span style="font-style: italic"><span style="color: #9A1900">             program.</span></span>
<span style="font-style: italic"><span style="color: #9A1900">        --&gt;</span></span>
        <span style="font-weight: bold"><span style="color: #0000FF">&lt;Param</span></span> <span style="color: #009900">name</span><span style="color: #990000">=</span><span style="color: #FF0000">"StartOnCall"</span> <span style="color: #009900">value</span><span style="color: #990000">=</span><span style="color: #FF0000">"LaunchViewer"</span> <span style="font-weight: bold"><span style="color: #0000FF">/&gt;</span></span>

        <span style="font-style: italic"><span style="color: #9A1900">&lt;!-- This parameter will cause the monitor to terminate the process</span></span>
<span style="font-style: italic"><span style="color: #9A1900">             once the CPU usage reaches zero.</span></span>
<span style="font-style: italic"><span style="color: #9A1900">        --&gt;</span></span>
        <span style="font-weight: bold"><span style="color: #0000FF">&lt;Param</span></span> <span style="color: #009900">name</span><span style="color: #990000">=</span><span style="color: #FF0000">"CpuKill"</span> <span style="color: #009900">value</span><span style="color: #990000">=</span><span style="color: #FF0000">"true"</span><span style="font-weight: bold"><span style="color: #0000FF">/&gt;</span></span>

    <span style="font-weight: bold"><span style="color: #0000FF">&lt;/Monitor&gt;</span></span>

    <span style="font-style: italic"><span style="color: #9A1900">&lt;!-- Enable heap debugging on our process as well. --&gt;</span></span>
    <span style="font-weight: bold"><span style="color: #0000FF">&lt;Monitor</span></span> <span style="color: #009900">class</span><span style="color: #990000">=</span><span style="color: #FF0000">"PageHeap"</span><span style="font-weight: bold"><span style="color: #0000FF">&gt;</span></span>
        <span style="font-weight: bold"><span style="color: #0000FF">&lt;Param</span></span> <span style="color: #009900">name</span><span style="color: #990000">=</span><span style="color: #FF0000">"Executable"</span> <span style="color: #009900">value</span><span style="color: #990000">=</span><span style="color: #FF0000">"mspaint.exe"</span><span style="font-weight: bold"><span style="color: #0000FF">/&gt;</span></span>
    <span style="font-weight: bold"><span style="color: #0000FF">&lt;/Monitor&gt;</span></span>

<span style="font-weight: bold"><span style="color: #0000FF">&lt;/Agent&gt;</span></span>

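<span style="font-weight: bold"><span style="color: #0000FF">&lt;Agent</span></span> <span style="color: #009900">name</span><span style="color: #990000">=</span><span style="color: #FF0000">"LinAgent"</span><span style="font-weight: bold"><span style="color: #0000FF">&gt;</span></span>
    <span style="font-style: italic"><span style="color: #9A1900">&lt;!-- Register for core file notifications. --&gt;</span></span>
    <span style="font-weight: bold"><span style="color: #0000FF">&lt;Monitor</span></span> <span style="color: #009900">class</span><span style="color: #990000">=</span><span style="color: #FF0000">"LinuxDebugger"</span><span style="font-weight: bold"><span style="color: #0000FF">&gt;</span></span>

        <span style="font-style: italic"><span style="color: #9A1900">&lt;!-- This is the program we're going to run inside of the debugger --&gt;</span></span>
        <span style="font-weight: bold"><span style="color: #0000FF">&lt;Param</span></span> <span style="color: #009900">name</span><span style="color: #990000">=</span><span style="color: #FF0000">"Executable"</span> <span style="color: #009900">value</span><span style="color: #990000">=</span><span style="color: #FF0000">"feh"</span><span style="font-weight: bold"><span style="color: #0000FF">/&gt;</span></span>

        <span style="font-style: italic"><span style="color: #9A1900">&lt;!-- These are arguments to the executable we want to run --&gt;</span></span>
        <span style="font-weight: bold"><span style="color: #0000FF">&lt;Param</span></span> <span style="color: #009900">name</span><span style="color: #990000">=</span><span style="color: #FF0000">"Arguments"</span>  <span style="color: #009900">value</span><span style="color: #990000">=</span><span style="color: #FF0000">"fuzzed.png"</span><span style="font-weight: bold"><span style="color: #0000FF">/&gt;</span></span>

        <span style="font-style: italic"><span style="color: #9A1900">&lt;!-- This parameter will cause the monitor to terminate the process</span></span>
<span style="font-style: italic"><span style="color: #9A1900">             once the CPU usage reaches zero.</span></span>
<span style="font-style: italic"><span style="color: #9A1900">        --&gt;</span></span>
        <span style="font-weight: bold"><span style="color: #0000FF">&lt;Param</span></span> <span style="color: #009900">name</span><span style="color: #990000">=</span><span style="color: #FF0000">"CpuKill"</span> <span style="color: #009900">value</span><span style="color: #990000">=</span><span style="color: #FF0000">"true"</span><span style="font-weight: bold"><span style="color: #0000FF">/&gt;</span></span>

    <span style="font-weight: bold"><span style="color: #0000FF">&lt;/Monitor&gt;</span></span>
<span style="font-weight: bold"><span style="color: #0000FF">&lt;/Agent&gt;</span></span>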

<span style="font-weight: bold"><span style="color: #0000FF">&lt;Agent</span></span> <span style="color: #009900">name</span><span style="color: #990000">=</span><span style="color: #FF0000">"OsxAgent"</span><span style="font-weight: bold"><span style="color: #0000FF">&gt;</span></span>
    <span style="font-weight: bold"><span style="color: #0000FF">&lt;Monitor</span></span> <span style="color: #009900">class</span><span style="color: #990000">=</span><span style="color: #FF0000">"CrashWrangler"</span><span style="font-weight: bold"><span style="color: #0000FF">&gt;</span></span>
        <span style="font-style: italic"><span style="color: #9A1900">&lt;!-- The executable to run. --&gt;</span></span>
        <span style="font-weight: bold"><span style="color: #0000FF">&lt;Param</span></span> <span style="color: #009900">name</span><span style="color: #990000">=</span><span style="color: #FF0000">"Command"</span> <span style="color: #009900">value</span><span style="color: #990000">=</span><span style="color: #FF0000">"/Applications/Safari.app/Contents/MacOS/Safari"</span> <span style="font-weight: bold"><span style="color: #0000FF">/&gt;</span></span>

        <span style="font-style: italic"><span style="color: #9A1900">&lt;!-- The program arguments.  Notice the filename provided matched up</span></span>
<span style="font-style: italic"><span style="color: #9A1900">             to what is provided below in the Publisher configuration --&gt;</span></span>
        <span style="font-weight: bold"><span style="color: #0000FF">&lt;Param</span></span> <span style="color: #009900">name</span><span style="color: #990000">=</span><span style="color: #FF0000">"Arguments"</span> <span style="color: #009900">value</span><span style="color: #990000">=</span><span style="color: #FF0000">"fuzzed.png"</span> <span style="font-weight: bold"><span style="color: #0000FF">/&gt;</span></span>

        <span style="font-style: italic"><span style="color: #9A1900">&lt;!-- Do not use debug malloc. --&gt;</span></span>
        <span style="font-weight: bold"><span style="color: #0000FF">&lt;Param</span></span> <span style="color: #009900">name</span><span style="color: #990000">=</span><span style="color: #FF0000">"UseDebugMalloc"</span> <span style="color: #009900">value</span><span style="color: #990000">=</span><span style="color: #FF0000">"false"</span> <span style="font-weight: bold"><span style="color: #0000FF">/&gt;</span></span>

        <span style="font-style: italic"><span style="color: #9A1900">&lt;!-- Treat read access violations as exploitable. --&gt;</span></span>
        <span style="font-weight: bold"><span style="color: #0000FF">&lt;Param</span></span> <span style="color: #009900">name</span><span style="color: #990000">=</span><span style="color: #FF0000">"ExploitableReads"</span> <span style="color: #009900">value</span><span style="color: #990000">=</span><span style="color: #FF0000">"true"</span> <span style="font-weight: bold"><span style="color: #0000FF">/&gt;</span></span>

        <span style="font-style: italic"><span style="color: #9A1900">&lt;!-- Path to Crash Wrangler Execution Handler program. --&gt;</span></span>
        <span style="font-weight: bold"><span style="color: #0000FF">&lt;Param</span></span> <span style="color: #009900">name</span><span style="color: #990000">=</span><span style="color: #FF0000">"ExecHandler"</span> <span style="color: #009900">value</span><span style="color: #990000">=</span><span style="color: #FF0000">"/usr/local/bin/exc_handler"</span> <span style="font-weight: bold"><span style="color: #0000FF">/&gt;</span></span>

        <span style="font-style: italic"><span style="color: #9A1900">&lt;!-- This parameter will cause the monitor to wait for an action-call in</span></span>
<span style="font-style: italic"><span style="color: #9A1900">             the state model with a method="LaunchViewer" before running</span></span>
<span style="font-style: italic"><span style="color: #9A1900">             program.</span></span>
<span style="font-style: italic"><span style="color: #9A1900">        --&gt;</span></span>
        <span style="font-weight: bold"><span style="color: #0000FF">&lt;Param</span></span> <span style="color: #009900">name</span><span style="color: #990000">=</span><span style="color: #FF0000">"StartOnCall"</span> <span style="color: #009900">value</span><span style="color: #990000">=</span><span style="color: #FF0000">"LaunchViewer"</span> <span style="font-weight: bold"><span style="color: #0000FF">/&gt;</span></span>

    <span style="font-weight: bold"><span style="color: #0000FF">&lt;/Monitor&gt;</span></span>
<span style="font-weight: bold"><span style="color: #0000FF">&lt;/Agent&gt;</span></span></tt></pre></div></div>
</div>
</div>
<div class="sect1">
<h2 id="_configure_test">Configure Test</h2>
<div class="sectionbody">
<div class="paragraph"><p>Okay, now we just need to enable the agent for our test.
Head down to the <code>Test</code> element; specifically, we are looking to uncomment this line
and modify our Launcher publisher.</p></div>
<div class="listingblock">
<div class="content"><!-- Generator: GNU source-highlight 3.1.7
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><span style="font-style: italic"><span style="color: #9A1900">&lt;!-- &lt;Agent ref="LocalAgent"/&gt; --&gt;</span></span></tt></pre></div></div>
<div class="paragraph"><p>Leaving us with this:</p></div>
<div class="listingblock">
<div class="content"><!-- Generator: GNU source-highlight 3.1.7
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><span style="font-weight: bold"><span style="color: #0000FF">&lt;Test</span></span> <span style="color: #009900">name</span><span style="color: #990000">=</span><span style="color: #FF0000">"Default"</span><span style="font-weight: bold"><span style="color: #0000FF">&gt;</span></span>
    <span style="font-weight: bold"><span style="color: #0000FF">&lt;Agent</span></span> <span style="color: #009900">ref</span><span style="color: #990000">=</span><span style="color: #FF0000">"WinAgent"</span> <span style="color: #009900">platform</span><span style="color: #990000">=</span><span style="color: #FF0000">"windows"</span><span style="font-weight: bold"><span style="color: #0000FF">/&gt;</span></span>
    <span style="font-weight: bold"><span style="color: #0000FF">&lt;Agent</span></span> <span style="color: #009900">ref</span><span style="color: #990000">=</span><span style="color: #FF0000">"LinAgent"</span> <span style="color: #009900">platform</span><span style="color: #990000">=</span><span style="color: #FF0000">"linux"</span><span style="font-weight: bold"><span style="color: #0000FF">/&gt;</span></span>
    <span style="font-weight: bold"><span style="color: #0000FF">&lt;Agent</span></span> <span style="color: #009900">ref</span><span style="color: #990000">=</span><span style="color: #FF0000">"OsxAgent"</span> <span style="color: #009900">platform</span><span style="color: #990000">=</span><span style="color: #FF0000">"osx"</span><span style="font-weight: bold"><span style="color: #0000FF">/&gt;</span></span>

    <span style="font-weight: bold"><span style="color: #0000FF">&lt;StateModel</span></span> <span style="color: #009900">ref</span><span style="color: #990000">=</span><span style="color: #FF0000">"TheState"</span><span style="font-weight: bold"><span style="color: #0000FF">/&gt;</span></span>

    <span style="font-weight: bold"><span style="color: #0000FF">&lt;Publisher</span></span> <span style="color: #009900">class</span><span style="color: #990000">=</span><span style="color: #FF0000">"File"</span><span style="font-weight: bold"><span style="color: #0000FF">&gt;</span></span>
        <span style="font-weight: bold"><span style="color: #0000FF">&lt;Param</span></span> <span style="color: #009900">name</span><span style="color: #990000">=</span><span style="color: #FF0000">"FileName"</span> <span style="color: #009900">value</span><span style="color: #990000">=</span><span style="color: #FF0000">"fuzzed.png"</span><span style="font-weight: bold"><span style="color: #0000FF">/&gt;</span></span>
    <span style="font-weight: bold"><span style="color: #0000FF">&lt;/Publisher&gt;</span></span>
<span style="font-weight: bold"><span style="color: #0000FF">&lt;/Test&gt;</span></span></tt></pre></div></div>
</div>
</div>
<div class="sect1">
<h2 id="_configure_fuzzing_strategy">Configure Fuzzing Strategy</h2>
<div class="sectionbody">
<div class="paragraph"><p>Since we are dumb fuzzing with multiple files, we will want to change the default fuzzing strategy Peach uses to one more suited to our needs.  The best fuzzing strategy for dumb fuzzing is the random strategy.  We can configure it by adding a <code>Strategy</code> element to our <code>Test</code> section.</p></div>
<div class="paragraph"><p>We will add this:</p></div>
<div class="listingblock">
<div class="content"><!-- Generator: GNU source-highlight 3.1.7
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt>     <span style="font-weight: bold"><span style="color: #0000FF">&lt;Strategy</span></span> <span style="color: #009900">class</span><span style="color: #990000">=</span><span style="color: #FF0000">"Random"</span><span style="font-weight: bold"><span style="color: #0000FF">/&gt;</span></span></tt></pre></div></div>
<div class="paragraph"><p>Leaving us with this:</p></div>
<div class="listingblock">
<div class="content"><!-- Generator: GNU source-highlight 3.1.7
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><span style="font-weight: bold"><span style="color: #0000FF">&lt;Test</span></span> <span style="color: #009900">name</span><span style="color: #990000">=</span><span style="color: #FF0000">"Default"</span><span style="font-weight: bold"><span style="color: #0000FF">&gt;</span></span>
    <span style="font-weight: bold"><span style="color: #0000FF">&lt;Agent</span></span> <span style="color: #009900">ref</span><span style="color: #990000">=</span><span style="color: #FF0000">"WinAgent"</span> <span style="color: #009900">platform</span><span style="color: #990000">=</span><span style="color: #FF0000">"windows"</span><span style="font-weight: bold"><span style="color: #0000FF">/&gt;</span></span>
    <span style="font-weight: bold"><span style="color: #0000FF">&lt;Agent</span></span> <span style="color: #009900">ref</span><span style="color: #990000">=</span><span style="color: #FF0000">"LinAgent"</span> <span style="color: #009900">platform</span><span style="color: #990000">=</span><span style="color: #FF0000">"linux"</span><span style="font-weight: bold"><span style="color: #0000FF">/&gt;</span></span>
    <span style="font-weight: bold"><span style="color: #0000FF">&lt;Agent</span></span> <span style="color: #009900">ref</span><span style="color: #990000">=</span><span style="color: #FF0000">"OsxAgent"</span> <span style="color: #009900">platform</span><span style="color: #990000">=</span><span style="color: #FF0000">"osx"</span><span style="font-weight: bold"><span style="color: #0000FF">/&gt;</span></span>

    <span style="font-weight: bold"><span style="color: #0000FF">&lt;StateModel</span></span> <span style="color: #009900">ref</span><span style="color: #990000">=</span><span style="color: #FF0000">"TheState"</span><span style="font-weight: bold"><span style="color: #0000FF">/&gt;</span></span>

    <span style="font-weight: bold"><span style="color: #0000FF">&lt;Publisher</span></span> <span style="color: #009900">class</span><span style="color: #990000">=</span><span style="color: #FF0000">"File"</span><span style="font-weight: bold"><span style="color: #0000FF">&gt;</span></span>
        <span style="font-weight: bold"><span style="color: #0000FF">&lt;Param</span></span> <span style="color: #009900">name</span><span style="color: #990000">=</span><span style="color: #FF0000">"FileName"</span> <span style="color: #009900">value</span><span style="color: #990000">=</span><span style="color: #FF0000">"fuzzed.png"</span><span style="font-weight: bold"><span style="color: #0000FF">/&gt;</span></span>
    <span style="font-weight: bold"><span style="color: #0000FF">&lt;/Publisher&gt;</span></span>

    <span style="font-weight: bold"><span style="color: #0000FF">&lt;Strategy</span></span> <span style="color: #009900">class</span><span style="color: #990000">=</span><span style="color: #FF0000">"Random"</span><span style="font-weight: bold"><span style="color: #0000FF">/&gt;</span></span>
<span style="font-weight: bold"><span style="color: #0000FF">&lt;/Test&gt;</span></span></tt></pre></div></div>
</div>
</div>
<div class="sect1">
<h2 id="_configure_logging">Configure Logging</h2>
<div class="sectionbody">
<div class="paragraph"><p>Now that we are using monitors that can detect faults we will want to configure a logging mechanism to capture the results of our fuzzer run.</p></div>
<div class="paragraph"><p>To do this, add the following to the <code>Test</code> element at the bottom of our XML file:</p></div>
<div class="listingblock">
<div class="content"><!-- Generator: GNU source-highlight 3.1.7
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><span style="font-weight: bold"><span style="color: #0000FF">&lt;Logger</span></span> <span style="color: #009900">class</span><span style="color: #990000">=</span><span style="color: #FF0000">"Filesystem"</span><span style="font-weight: bold"><span style="color: #0000FF">&gt;</span></span>
    <span style="font-weight: bold"><span style="color: #0000FF">&lt;Param</span></span> <span style="color: #009900">name</span><span style="color: #990000">=</span><span style="color: #FF0000">"Path"</span> <span style="color: #009900">value</span><span style="color: #990000">=</span><span style="color: #FF0000">"logs"</span> <span style="font-weight: bold"><span style="color: #0000FF">/&gt;</span></span>
<span style="font-weight: bold"><span style="color: #0000FF">&lt;/Logger&gt;</span></span></tt></pre></div></div>
<div class="paragraph"><p>So it looks like this:</p></div>
<div class="listingblock">
<div class="content"><!-- Generator: GNU source-highlight 3.1.7
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><span style="font-weight: bold"><span style="color: #0000FF">&lt;Test</span></span> <span style="color: #009900">name</span><span style="color: #990000">=</span><span style="color: #FF0000">"Default"</span><span style="font-weight: bold"><span style="color: #0000FF">&gt;</span></span>
    <span style="font-weight: bold"><span style="color: #0000FF">&lt;Agent</span></span> <span style="color: #009900">ref</span><span style="color: #990000">=</span><span style="color: #FF0000">"WinAgent"</span> <span style="color: #009900">platform</span><span style="color: #990000">=</span><span style="color: #FF0000">"windows"</span><span style="font-weight: bold"><span style="color: #0000FF">/&gt;</span></span>
    <span style="font-weight: bold"><span style="color: #0000FF">&lt;Agent</span></span> <span style="color: #009900">ref</span><span style="color: #990000">=</span><span style="color: #FF0000">"LinAgent"</span> <span style="color: #009900">platform</span><span style="color: #990000">=</span><span style="color: #FF0000">"linux"</span><span style="font-weight: bold"><span style="color: #0000FF">/&gt;</span></span>
    <span style="font-weight: bold"><span style="color: #0000FF">&lt;Agent</span></span> <span style="color: #009900">ref</span><span style="color: #990000">=</span><span style="color: #FF0000">"OsxAgent"</span> <span style="color: #009900">platform</span><span style="color: #990000">=</span><span style="color: #FF0000">"osx"</span><span style="font-weight: bold"><span style="color: #0000FF">/&gt;</span></span>

    <span style="font-weight: bold"><span style="color: #0000FF">&lt;StateModel</span></span> <span style="color: #009900">ref</span><span style="color: #990000">=</span><span style="color: #FF0000">"TheState"</span><span style="font-weight: bold"><span style="color: #0000FF">/&gt;</span></span>

    <span style="font-weight: bold"><span style="color: #0000FF">&lt;Publisher</span></span> <span style="color: #009900">class</span><span style="color: #990000">=</span><span style="color: #FF0000">"File"</span><span style="font-weight: bold"><span style="color: #0000FF">&gt;</span></span>
        <span style="font-weight: bold"><span style="color: #0000FF">&lt;Param</span></span> <span style="color: #009900">name</span><span style="color: #990000">=</span><span style="color: #FF0000">"FileName"</span> <span style="color: #009900">value</span><span style="color: #990000">=</span><span style="color: #FF0000">"fuzzed.png"</span><span style="font-weight: bold"><span style="color: #0000FF">/&gt;</span></span>
    <span style="font-weight: bold"><span style="color: #0000FF">&lt;/Publisher&gt;</span></span>

    <span style="font-weight: bold"><span style="color: #0000FF">&lt;Strategy</span></span> <span style="color: #009900">class</span><span style="color: #990000">=</span><span style="color: #FF0000">"Random"</span><span style="font-weight: bold"><span style="color: #0000FF">/&gt;</span></span>

    <span style="font-weight: bold"><span style="color: #0000FF">&lt;Logger</span></span> <span style="color: #009900">class</span><span style="color: #990000">=</span><span style="color: #FF0000">"Filesystem"</span><span style="font-weight: bold"><span style="color: #0000FF">&gt;</span></span>
        <span style="font-weight: bold"><span style="color: #0000FF">&lt;Param</span></span> <span style="color: #009900">name</span><span style="color: #990000">=</span><span style="color: #FF0000">"Path"</span> <span style="color: #009900">value</span><span style="color: #990000">=</span><span style="color: #FF0000">"logs"</span> <span style="font-weight: bold"><span style="color: #0000FF">/&gt;</span></span>
    <span style="font-weight: bold"><span style="color: #0000FF">&lt;/Logger&gt;</span></span>
<span style="font-weight: bold"><span style="color: #0000FF">&lt;/Test&gt;</span></span></tt></pre></div></div>
</div>
</div>
<div class="sect1">
<h2 id="_running_fuzzer">Running Fuzzer</h2>
<div class="sectionbody">
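<div class="paragraph"><p>Now let's actually kick off our fuzzer for real! Every 200 or so iterations the strategy will switch to a different sample file. With the Logger configured above, the run's log output is written under the <tt>logs</tt> folder, so that is where to look for results.</p></div>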
<div class="listingblock">
<div class="content">
<pre><code>peach png.xml</code></pre>
</div></div>
</div>
</div>
<div class="sect1">
<h2 id="_whats_next">What's Next?</h2>
<div class="sectionbody">
<div class="paragraph"><p>From here you will want to:</p></div>
<div class="olist arabic"><ol class="arabic">
<li>
<p>
Collect additional sample files
</p>
</li>
<li>
<p>
Run minset on the sample files to remove any files that exercise only code paths already covered by other samples
</p>
</li>
<li>
<p>
Collect bugs!
</p>
</li>
</ol></div>
</div>
</div>
</div>
<div id="footnotes"></div>
<div id="footer">
<div id="footer-text">


</div>
</div>
</div>
</div>
</body>
</html>
